Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Microsoft 365 phishing
Extortion crew hijacks Microsoft 365 accounts via fake passkey setup

The Pink cyber extortion crew is tricking employees into giving them access to their Microsoft 365 accounts by faking Entra passkey enrollment requests. The attack The attack …

malware
SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. …

LastPass
LastPass customer data exposed through Klue supply chain attack

LastPass disclosed that attackers used OAuth tokens compromised in a supply chain attack on Klue, a market intelligence platform that integrates with CRM and sales tools …

klue salesforce
Klue breach lead to Salesforce data theft, Huntress affected

Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across …

Fortinet
74,000 Fortinet firewall credentials exposed in FortiBleed data leak

A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The …

data breach
Another healthcare firm attacked days after Novo Nordisk breach

Medical technology company iRhythm Holdings disclosed a cyberattack involving certain third-party-hosted business applications that resulted in the theft of patient protected …

Oracle
Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert

A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google …

Check Point
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)

A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the …

Fortinet
New infostealer reaches enterprise devices through FortiClient EMS vulnerability

Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server …

GitHub
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed …

malware
PureLogs infostealer is stealing credentials worldwide

A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, …

Grafana
Attackers accessed, downloaded code from Grafana Labs’ GitHub

A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools